Masterclass: Threat Hunting with AI

During this 5-day course of super intensive training you will gain crucial cybersecurity knowledge and skills in terms of Threat Hunting with AI Support.

You´ll be able to:

  • Get the highest quality and unique learning experience – the class is limited to 20 participants by default.
  • Get the opportunity to interact with our world-renowned Experts.
  • Go through CQURE’s custom lab exercises and practice them after the course.
  • Receive a lifelong certification after completing the course!

Why this course?

Our Threat Hunting with AI Support course is a 5-day training (35 hours) designed for Security Analysts, IT Administrators, Incident Responders and Threat Hunters. During the course participants will learn some of the modern attack techniques, local privilege escalation methods and identity infrastructure attacks as well as the ways how those attacks could be detected and mitigated. This knowledge will be enhanced with case studies which will demonstrate how real-world attacks happen using the methods learned. Additionally, participants will be introduced to solutions, that with AI support can enhance the threat hunting process. The course will conclude with showcasing how threat hunting and threat detection design can be performed by leveraging manual and automated methods.

 

 Target Audience

This course is designed for security professionals across offensive, defensive, and hybrid roles. Analysts, hunters, SOC teams, and incident responders will learn to enhance investigations with AI-driven workflows. Red and purple teamers will strengthen adversary emulation and detection validation, while engineers and developers gain hands-on experience building AI-powered tools, pipelines, and multi-agent systems. Security leaders and architects will benefit from practical insights into securing AI systems and addressing emerging vulnerabilities.

 

This Live Virtual Class consists of 13 Modules in terms of Threat Hunting with AI Support. They include essential theory combined with individual practice during the exercises as well as loads of hands-on tools and real-case scenarios.

Module 1: Modern Attack Techniques and Tracing Them

  1. Discussion: Top attack techniques
  2. Advanced Persistent Threats
  3. Initial access vectors
  4. Phishing – rev shell mail phishing bob
  5. Valid Credentials – password spray exc.
  6. Spoofing – DSN Twist
  7. Vulnerable components (drive by download)
  8. Weak defaults
  9. Other vectors Escalation through Windows Services

Module 2: Local Privilege Escalation Techniques and Tracing Them

  1. Unquoted service path
  2. Image and DLL manipulation
  3. Schedule Tasks
  4. Access Token Manipulation
  5. SeImpersonate
  6. SeTcb
  7. Create User Token
  8. Process Injection
  9. DLL Injection and Reflective DLL Injection
  10. CreateRemoteThread
  11. Memory Injection
  12. Other techniques

Module 3: Case Study – Investigating In-Place Attacks


Module 4: Windows Authentication Architecture & Cryptography

  1. Windows Logon
  2. Windows Logon Types
  3. LSASS Architecture
  4. NTLM
  5. Kerberos
  6. SAM Database
  7. NTDS.dit
  8. LSA Secrets & gMSA accounts
  9. Secrets, credentials and Logon Data
  10. PKI Misconfigurations
  11. SSP Providers
  12. Data Protection API

Module 5: Case Study – Investigating Identity Theft

Module 6: Attacks on Identity Infrastructure and Tracing Them

  1. Pass-the-Hash, OverPTH attacks
  2. Pass the ticket
  3. Golden and silver ticket
  4. Pass the PRT
  5. Shadow Credentials / NGC
  6. NBNS/LLMNR spoofing, NTLM Relay, Kerberoasting
  7. DCSync and DCShadow
  8. AdminSDholder
  9. Other Modern identity attack techniques

Module 7: Microsoft 365 Defender for Endpoint – EDR

  1. Intro 101 to Microsoft Defender ecosystem
  2. EDR deployment strategies
  3. EDR installation and configuration
  4. Fine tuning and hardening of EDR configuration
  5. Managing and Maintaining Security Posture
  6. Troubleshooting Common Issues
  7. Automation with ServiceNow and 3rd party

Module 8: Security Operations with Microsoft EDR (Defender for Endpoints) – Advanced Threat Hunting with Defender

  1. EDR integration with Microsoft Azure Sentinel
  2. Security Operations best practices with Microsoft EDR and Sentinel
  3. How to manage Incidents inside EDR and Sentinel
  4. Kusto language 101 – basic and advanced queries
  5. Advanced Hunting
  6. Hacker ways to hide malware and bypass EDR

Module 9: Microsoft Security Copilot

  1. Introduction to Microsoft Security Copilot
  2. Developing and Using Promptbooks
  3. Create Effective Promptbooks for Security Analysis
  4. Plugins Management
  5. Data Security and Privacy
  6. Responsible AI at Microsoft

Module 10: Case Study – Detecting a Complex Threat with Sentinel and Microsoft Copilot for Security

Module 11: Network Forensics and Monitoring

  1. Types and approaches to network monitoring
  2. Network evidence acquisition
  3. Network protocols and Logs
  4. Gathering data from network security appliances
  5. Detecting intrusion patterns and attack indicators
  6. Data correlation
  7. Hunting malware in network traffic

Module 12: Memory Dumping and Analysis

  1. Introduction to memory dumping and analysis
  2. Creating memory dump – Belkasoft RAM Capturer and DumpIt
  3. Creating memory dump
  4. Utilizing Volatility to analyse Windows memory image
  5. Analysing Stuxnet memory dump with Volatility
  6. Automatic memory analysis with Volatile

Module 13: Disk Dumping & Analysis

  1. Introduction to storage acquisition and analysis
  2. Drive Acquisition
  3. Autopsy
  4. Building timelines
  5. File System Analysis Techniques
  6. Encryption and Decryption of Drives
  7. Deep-Dive into Automatic Destinations
  8. Extracting Information About Network Activity

Certification

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

 

FAQ – Masterclass: Threat Hunting with AI

Hva koster kurset?
Prisen er 39 900 NOK for 5 dager. Kurset inkluderer kursmateriell, praktiske lab-øvelser og livslang sertifisering etter fullført kurs.

Hvor lenge varer kurset?
Kurset går over 5 intensive dager fra 09:00 til 16:00 hver dag og gjennomføres som et internasjonalt Live virtuelt kurs.

Hvordan gjennomføres kurset?
Kurset leveres som en live virtuell klasse ledet av CQUREs cybersikkerhetseksperter. Deltakerne jobber i praktiske lab-miljøer og analyserer realistiske angrepsscenarioer ved hjelp av moderne sikkerhetsverktøy og AI-støttede metoder for trusseljakt.

Hvem passer kurset for?
Kurset er utviklet for sikkerhetsfagfolk som jobber med trusseldeteksjon og hendelseshåndtering, blant annet:

  • Security analysts
  • Threat hunters
  • SOC teams
  • Incident responders
  • Red team- og purple team-spesialister
  • Security engineers og utviklere
  • Security architects og sikkerhetsledere

Hva lærer jeg i løpet av kurset?
Du lærer hvordan moderne angrep oppdages og analyseres ved hjelp av både manuelle og AI-baserte metoder. Etter kurset vil du kunne:

  • Analysere moderne angrepsteknikker og identitetsbaserte angrep
  • Gjennomføre avansert trusseljakt i nettverk og systemer
  • Bruke Microsoft Defender og Sentinel til trusseldeteksjon
  • Utføre analyser av minne, disk og nettverkstrafikk
  • Bruke Microsoft Security Copilot til å forbedre sikkerhetsanalyser
  • Designe effektive trusseldeteksjonsstrategier og hunting-prosesser

Er kurset praktisk rettet?
Ja. Kurset inneholder omfattende hands-on lab-øvelser der deltakerne jobber med realistiske angrepsscenarioer, analyserer loggdata og gjennomfører trusseljakt ved hjelp av moderne verktøy og AI-assistanse.

Hvilke temaer dekkes i kurset?
Kurset dekker blant annet:

  • Moderne angrepsteknikker og APT-angrep
  • Privilege escalation og identitetsbaserte angrep
  • Windows autentiseringsarkitektur og kryptografi
  • Angrep mot identitetsinfrastruktur
  • Threat hunting med Microsoft Defender og Sentinel
  • KQL-basert analyse og trusseljakt
  • Bruk av Microsoft Security Copilot i sikkerhetsoperasjoner
  • Network forensics og trafikkovervåking
  • Minneanalyse og malware-detektering
  • Diskanalyse og hendelsesetterforskning

Får jeg sertifisering etter kurset?
Ja. Etter fullført kurs mottar du en livslang sertifisering som dokumenterer kompetanse innen threat hunting og AI-støttet sikkerhetsanalyse.

Hvilke forkunnskaper anbefales?
Det anbefales at deltakerne har erfaring innen IT-sikkerhet, nettverk eller systemadministrasjon. Kunnskap om Windows-infrastruktur, Active Directory og sikkerhetsanalyse vil være en fordel.

Hva gjør dette kurset unikt?
Kurset kombinerer avansert trusseljakt, digital etterforskning og AI-baserte sikkerhetsverktøy i én helhetlig opplæring. Du lærer hvordan moderne sikkerhetsteam identifiserer, analyserer og stopper avanserte angrep i både lokale og skybaserte miljøer.

 

See other relevant courses to explore:

Microsoft Security & Identity

Cloud Security & Incident Response

Cybersecurity Certifications

Andre relevante kurs

MasterClass: Hacking and Securing Windows Infrastructure
13. april
5 dager
Virtual Classroom
Masterclass: System Forensics, Incident Handling And Threat Hunting
25. mai
5 dager
Virtual Classroom
MasterClass: Windows Security and Infrastructure Management with Windows Internals
15. juni
4 dager
Classroom Virtual
MasterClass: Administering and Configuring Active Directory Federation Services and Claims
15. juni
3 dager
Classroom